Featured Slideshow

In a Dallas courtroom on Thursday, writer and activist Barrett Brown was sentenced to 63 months in prison and was ordered to pay a little more than $890,000 in restitution and fines, according to reports.

Featured Spotlight

For the security industry, the tide is shifting. Executives and boards are recognizing future ROI benefits in beefing up security when alerted to the potential of a three to five percent sales decline following a data breach.

Web Service Security

There is no holiday lull for Microsoft, as the software giant is working to address a potentially dangerous denial-of-service vulnerability impacting its entire .NET Framework. Other vendors may be impacted too.

Leading Chinese search engine Baidu is suing Register.com, its U.S.-based web hosting provider, over a recent cyberattack that left the site unusable for several hours, according to published reports. On Jan. 12, Baidu visitors were redirected to a page announcing that the site had been overtaken by the Iranian Cyber Army. On Wednesday in a Manhattan federal court, Baidu filed a complaint against Register.com claiming that negligence by the company resulted in severe damage to the search giant. A Register.com spokesperson reportedly has said the lawsuit is "without merit." A representative could not be reached by SCMagazineUS.com. — AM

The Online Trust Alliance (OTA), an industry group whose mission is to eliminate email and internet fraud, has released for comment a draft document outlining its Online Trust Principles. OTA said the principles listed in the document are a major step toward establishing business practices for greater online protection. After a 30-day comment period and subsequent ratification, OTA plans to work with business and regulatory agencies to drive adoption, according to an announcement describing the initiative. — CAM

A vulnerability in Microsoft Internet Information Services (IIS) web server could enable an attacker to access or upload files to protected WebDAV folders. The SANS Internet Storm Center said in a blog post that "adding certain Unicode characters to an URL makes it possible to bypass authentication in IIS." The vulnerability was rated "moderately critical" and affects Microsoft IIS 5.1 and 6.0, according to an advisory from Secunia. Storm Center handlers recommended turning off WebDAV until more details about the vulnerability are uncovered. — AM

Three real estate agents in Rockingham, N.C., were charged with illegally accessing a Hotmail account belonging to the employee of a competitor. RE/MAX Tri City Realty agents Wendy Robson Massagee, 43; Kim Dawn Whitley, 40; and Jamie Moss-Godfrey, 41, allegedly used the victim's username and password to access the account and view work-related emails, according to a report in the Richmond County (N.C.) Daily Journal. All three were released and are scheduled to appear in local court on April 23. — AM

The Electronic Privacy Information Center, a privacy advocacy group, filed a complaint with the Federal Trade Commission on Tuesday urging an investigation of Google's cloud computing services to determine the adequacy of its privacy and security safeguards.

Mozilla on Wednesday issued Firefox 3.0.7, which fixes multiple security issues that could potentially enable an attacker to run arbitrary code on a victim's computer, cause a denial-of-service condition, obtain sensitive information, or spoof the location bar, according to an advisory from US-CERT Thursday.

Online photography store iStockphoto warned of a phishing attack targeted against its website on Wednesday. "We strongly urge all users who logged in at some point today to change their passwords," the company said on its website. "In addition, do not open any site mail for the next 24 hours." Attackers created a fake iStockphoto login screen, saved users' credentials on a malicious server, then redirected them back to the website's main page. The company said that no financial information was breached. — AM

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.